PandaLabs, Panda Security's anti-malware laboratory, has found that the number of threats in circulation has risen, reporting a 26 percent increase in new threats compared to the same period last year.

In the first three months of 2011, PandaLabs said it had identified an average of 73,000 new malware strains each day, most being Trojans. And we are only halfway through March. In 2010 PandaLabs said it saw an average of approximately 63,000 new threats each day.

No, it's really not. These reports come out once or twice every single year, and they always end up being nothing more than good marketing tools. What has changed?..better/faster automation of malware creation, and the targeting of newer platforms (smartphones/tablets. If people weren't expecting those changes, they weren't paying attention and/or didn't have any common sense. What hasn't changed? Methods of infection, types of infections. You still have the money stealing trojans, you still have the redirects, and so on. They all still have to get on your system and they all still have to execute. Oh, now we have the social attacks too, which means you still have to be brainless as well. The "run of the mill" malware is still used against us little people, and the panic-inducing "undetectable?! Oh the humanity!" nuclear plant-crippling, economic disaster causing, corporate downfall malware that keeps Wilders, the news media and armchair security expert blogs awake at night..is still reserved for attacks against world governments and "big dog" corporations.

Really, keep using very well known software, get yourself a copy of Sandboxie or some other sandboxed browser or app, go easy on the P2P (stick to pre-2000s movies and music...it was much better back then anyway ) and, if you must, grab yourself some script protection like NoScript, and go back to sleep little ones.

-edit- If you seriously needed me to remind you (lord I hope not), keep your well-known AV and AM software up to date as well...you do have it, right? (I know you HIPpies--see what I did there?---don't particularly see the need, but for us simple folk who don't want our systems trying to have a conversation with us, we do.)

73,000 new malware samples every day? Where are they? I never see 'em...

Click to expand...

I've always wondered where on earth they are as well. Though, if I had to give it a guess, I'd say all the misspelled URLs of major websites (mostly banks and shopping websites), which, if you bother to look at the address bar even once, you can easily avoid. Maybe they're on some foreign websites as well, like China and Russia, and of course I'm sure some are to be found on P2P. But, even with all of those places, I guarantee you that you'd be extremely lucky to come across 10% of that number, and that's with you trying very hard and purposely hunting them down. If you were possibly able to count up every single infected system in the world at this very moment, I would find it extraordinarily hard to believe that even 10% of that number of malware was responsible. I'd be very willing to bet it's more in the 2-3% range at worst.

That leads me to an opinion that, considering these reports come out every single year without fail (actually, last year, didn't some blog try to claim a million or so?), that one of two things are happening. Either they are counting experimental POCs and/or malware that is meant strictly for specialized operations (meaning government/corporate attacks), or, these reports are marketing tools. Personally, I think it's safe to bet that it's both.

From 50,000/day (Also, HERE) to 73,000/day = getting Worse.
The evolution of Social Networking-related Malware, P2P-Malware etc. is more than enough...

As far as,
-what Security Setups can keep Malware-free users
and/or
-what is the Probability to get infected by uncommon/rare Malware
have Nothing to do with the OP.

Click to expand...

I beg to differ, it has plenty to do with the OP. To begin with, a jump from 50,000 to 73,000 is hardly worthy of yet another one of these yearly reports. (On a separate note, I do believe it was either Panda themselves or Previx that, just last year, came out with that "million samples" report I spoke of previously. So, going by that, we'd be doing fantastic!) Also, if the game itself hasn't changed, but only the numbers, then who cares? Whether it's 73,000 or (in another year) 100,000, if the methods haven't gotten any worse, or what the actual malware does hasn't gotten any worse ( again, I stress malware the public will run into)...then it hasn't gotten worse.

73,000 samples means nada if the general public will only see 10% of that (and that's rather unrealistic for people not actually testing malware). If the public understands how not to get infected by these 73,000 samples, and if they understand they'll never in their lifetime come across all 73,000, then these reports start to move over into the realm of "browser war" reports in usefulness.

-edit- A quote from one of your links http://ezinearticles.com/?Where-Doe...ware-(Malware)-Come-From-Each-Day?&id=1975208 : "The more malware programs that are submitted and found to be "effective" the more they can generate as well as the more damage that can be done. Many of the ones tested are ineffective, which is great news for consumers, but then malware designers are just back at the keyboard. The turnover is tremendous but yet identity thieves and scammers are vigilant in producing malware hoping to take advantage of uninformed consumers and hit pay dirt."

So, that tells me and the public that lots of those 50,000 or 73,000 samples turn out to be duds, and the word "uninformed" is a very important word. It tells me that the carefree downloaders, the ones who get suckered in by the "free offers", and the ones who generally don't bother to read address bars are still the ones being hit..just like it's always been. Worse? Nah, business as usual.

OK. This is my anual report of malware samples coming out every day. Hope it is OK to share with you Wilders Security Forums finest?

This is what I came up with. Every day, security vendors will put their hands on X amount of malware samples. Every day, security vendors will not put their hands on Y amount of malware samples.

What does this mean? It means that, just because Panda Labs came accross ~73,000 samples a day (the X value), the same doesn't mean that more aren't out there (the Y value). And, the Y value can be just one more malware sample... OR... it can be dozens, hundreds, thousands, etc?

What does this also tell us? It tells us that, Panda Labs report, is a total nonsense marketing report.

So, what do I care if there are billions of malware samples coming out every day, if all of them still require the same entrance points to infect my system?

OK. This is my anual report of malware samples coming out every day. Hope it is OK to share with you Wilders Security Forums finest?

This is what I came up with. Every day, security vendors will put their hands on X amount of malware samples. Every day, security vendors will not put their hands on Y amount of malware samples.

What does this mean? It means that, just because Panda Labs came accross ~73,000 samples a day (the X value), the same doesn't mean that more aren't out there (the Y value). And, the Y value can be just one more malware sample... OR... it can be dozens, hundreds, thousands, etc?

What does this also tell us? It tells us that, Panda Labs report, is a total nonsense marketing report.

So, what do I care if there are billions of malware samples coming out every day, if all of them still require the same entrance points to infect my system?

Note: The original posted (article) did point out that the majority of the new malware attacks have a trojan payload which was widely predicted by the security industry last year to be on the rise for this year.

Every day, security vendors will put their hands on X amount of malware samples.
Every day, security vendors will not put their hands on Y amount of malware samples.

Click to expand...

These reports focus on what you called X.
What you called Y (=unknown malware) cannot be registered, and in turn, counted.

Even blaming AV vendors on the New Malware/day (and/or Totally) they Miss, and in turn, fail to Count
(although it goes beyond the Scope of these Reports), it does Not cancel the validity of these Reports.
In fact, it shows that things are even worse: 50,000 (2009)<63,000 (2010)<73,000 (2011)<<New Malware/Day (2011-Actually)!

m00nbl00d said:

What does this also tell us? It tells us that, Panda Labs report, is a total nonsense marketing report.

So, what do I care if there are billions of malware samples coming out every day,
if all of them still require the same entrance points to infect my system?

Click to expand...

Since 2007, I'm Malware Free.
So what?
What holds for many members, here, does Not hold for the rest of the world!
Boasting about one's Security setup vs. New Malware/day has Nothing to do with what these Reports present.

-Is it a lie that Social Networking-related Malware increases?

@dw426@ m00nbl00d
Since you both laugh at what these Reports showed, offer us more Reliable Data!
I am waiting to see your Data.
BTW, AV vendors would love to see your Findings, too.

You see... You blindy want to criticize others that you failed to see my point.

My point is: The malware scenario is far more worse than those ~73000 malware samples a day.

So, these reports are nothing but marketing. That's what they are. You shouldn't care about these ~73000 malware samples, or whatever the numbers are. If security vendors know about them, then they will provide protection to their users.But they won't protect against the other malware samples they fail to detect every day, because they don't have them on their possesion, which is most likely beyond 73000 samples, which could be just one, and that may actually try to infect our system using a new method.

That's the malware you should be worring yourself about, not those ~73000 samples.

Otherwise, think about this. Why don't security vendors provide the opposite reports? Why not giving reports on what they miss? They won't due to two reasons: 1) They have no damn idea about the amount of samples they miss each day, which could be just one more, or billions... 2) It wouldn't be good for marketing, now would it?

But revealing reports that they put their hands on ~73000 malware samples a day, will make them look good. This is marketing. If this wasn't good for marketing, do you seriously believe they would waste their time releasing such reports?

Since AV vendors use just Marketing, can the Criticizers of the above Reports offer us more Reliable/Accurate data?

Click to expand...

But you're asking for data that common sense should give you. Moonblood is right, if they know about those 73000 samples, then why should you care? You don't need another test or chart to figure out that detected malware isn't the problem. If they are reporting that they get their hands on 73000 samples a day, that is marketing. They're telling us they look at 73,000 samples a day..which means they likely cover them. As far as the post I made, come on Mr. PC, do you really need more data to know you won't ever in your lifetime come across anywhere near that number of malware?

There is no truly reliable data regarding new samples anyway. In case you never noticed, reported numbers differ by vendor. Panda will say a number, Prevx will come along with theirs, Symantec theirs, and so on. And, again, all of them focus on the number they see, meaning get their hands on, play with, and, as a result, detect. I fail to see how that isn't considered a type of marketing.

I don't care, but the Average Joe should care as 'New Malware/day' increases.
Facebook, P2P, and the entire Internet become more dangerous in terms of Malware.

Click to expand...

But see, it really hasn't become more dangerous. I truly believe that, but why do I? I do because no matter the number, the way in has always remained the same. The Average Joe wouldn't need to care honestly, if the Average Joe would ever learn to read and not randomly click/install things.

Mr.PC said:

No, I never claimed that. However, these Reports focus on a World-Wide basis; not on what an Individual-User will come across.

Click to expand...

Well sure, they do indeed focus on the world. But it still stands that, even every individual in the world will not come across this number of malware. So, though you're right, the alarming nature of the report becomes much less frightening

Mr.PC said:

If AV vendors fail to offer us a clear picture, then, who can do that?

Click to expand...

Nobody can.

Mr.PC said:

It would have been really amazing if a major AV vendor had reported
the same 'New Malware/day' Number with a small AV vendor? No, way.

Click to expand...

But that means there is no reliable way of providing data on the amount of new samples created per day. What one AV vendor sees, another one may not. The size of the company has nothing to do with it, it's the submissions given to them that count. And, since those submissions are almost never the same, no one can give truly accurate data.

Assuming the statistics in the reports are correct in the way they count the samples seen, the fact remains there are users here who don't even see 1 piece of malware, let alone the numbers they're quoting. It gives the novice the impression they may stumble across 70,000+ new threats in their day to day use of the Internet. If some of us don't even come across one sample, whether sandboxed or not, it rather paints a different picture of how people are using the Internet.

Assuming the statistics in the reports are correct in the way they count the samples seen, the fact remains there are users here who don't even see 1 piece of malware, let alone the numbers they're quoting. It gives the novice the impression they may stumble across 70,000+ new threats in their day to day use of the Internet.

Click to expand...

Bingo. Of course, those of us here tend to work differently than the average user. But, the main point is yes, these reports can be taken to mean that.